Subversion Repositories configs

# Fail2Ban configuration file

#

# Enable "log-auth-failures" on each Sofia profile to monitor

# <param name="log-auth-failures" value="true"/>

# -- this requires a high enough loglevel on your logs to save these messages.

#

# In the fail2ban jail.local file for this filter set ignoreip to the internal

# IP addresses on your LAN.

#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from

# common.local

before = common.conf

[Definition]

_daemon = freeswitch

# Parameter "mode": normal, ddos or extra (default, combines all)

# Usage example (for jail.local):

#   [freeswitch]

#   mode = normal

#   # or with rewrite filter parameters of jail:

#   [freeswitch-ddos]

#   filter = freeswitch[mode=ddos]

#

mode = extra

# Prefix contains common prefix line (server, daemon, etc.) and 2 datetimes if used systemd backend

_pref_line = ^%(__prefix_line)s(?:(?:\d+-)?\d+-\d+ \d+:\d+:\d+\.\d+)?

prefregex = ^%(_pref_line)s \[WARN(?:ING)?\](?: \[SOFIA\])? \[?sofia_reg\.c:\d+\]? <F-CONTENT>.+</F-CONTENT>$

cmnfailre = ^Can't find user \[[^@]+@[^\]]+\] from <HOST>$

mdre-normal = %(cmnfailre)s

              ^SIP auth failure \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$

mdre-ddos   = ^SIP auth (?:failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$

mdre-extra  = %(cmnfailre)s

              <mdre-ddos>

failregex = <mdre-<mode>>

ignoreregex =

datepattern = ^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?

              {^LN-BEG}

# Author: Rupa SChomaker, soapee01, Daniel Black, Sergey Brester aka sebres

# https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban

# Thanks to Jim on mailing list of samples and guidance

#

# No need to match the following. Its a duplicate of the SIP auth regex.

#  ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$